Tag mitigation

10 Strategies for Improving Emergency Management

Tim Riecker, The Contrarian Emergency Manager 2 Comments

I recently listened to an interview with author and professor Sean McFate.  In the interview he discusses the changing landscape of warfare and what the US must do to keep up, particularly since we are still largely stuck in a mindset of conventional warfare.  For those interested in this very insightful interview, it was on The Security Studies Podcast.

Obviously, a great deal has changed over the decades in warfare, but many philosophies and perspectives have remained the same.  As I listened to the interview, I found McFate’s words to ring true for emergency management as well.  We have had some changes in focus from civil defense, to natural hazards, to terrorism, and now toward what seems to be the most comprehensive all-hazards perspective we’ve ever had.  We’ve also had changes in technology and methodologies, but we still seem stuck in a lot of old ways of thinking.  Emergency management isn’t linear.  In fact the lines are blurred so much that it’s hardly cyclical (another old way of thinking).

McFate espoused that high-level warfare strategies should span administrations and leadership changes.  They should be durable and adaptable.  In the interview he discussed 10 new rule of war, which were summarized from his new book.  As such, I offer 10 strategies for improving emergency management.  You will see that most of these items aren’t radical.  The fundamentals of what we do in emergency management must certainly persist, but some perspectives do need to change.  Here’s what I have to offer:

  1. More incentivization for data-driven hazard mitigation and resilience

There are a few items to unpack in this one.  First of all, fully bringing the concept of resilience on board and marrying it up hazard mitigation.  Where there is some overlap in the two, there are also distinct differences.  Ultimately, however, the ideal end state for the two is the same: eliminate or significantly reduce hazards and impacts from those hazards.  The more we start discussing hazard mitigation and resilience together, the more we will see the linkages between the two.  Hazard mitigation funding, likewise, needs to be broadened to incorporate concepts of resilience.

Another key item here is making these projects data-driven.  Let’s do a better job of quantifying risk in relatable terms.  Risk needs to include not only immediate potential impacts, but also cascading effects.  Once we have that impact data, then root cause analysis is important.  Some of this is regulation, some engineering, some human behavior.  Also keep in mind that this needs to truly be all-hazards.

Lastly, incentivization.  Incentivization isn’t just funding, and gold stickers are not tangible incentives.  Make it meaningful.  Also make these incentives more immediate.  It’s great that mitigation measures can result in a locality paying a lower percentage in the event of a future public assistance declaration, but that could happen years from now, or it might not.  That’s still good to include, but let’s be real – tax payers and law makers don’t just want to dream about the reward, they want to enjoy it now.

  1. Ground preparedness in reality

I’ve seen a lot of preparedness activities (planning, organizing, equipping, training, and exercises) based on someone’s “good ideas” instead of actual data and needs.  It’s no coincidence that I just mentioned data in the previous point.  How many jurisdictions actually use all that data from their hazard mitigation plan, generally synthesized at significant expense, for other emergency management needs?  It’s quite a rare occasion.  Why?  Most practitioners view hazard mitigation to be a totally different animal.  It’s not sexy response stuff, so they don’t see a need to pay attention to it.  Instead, they fully dismiss what was done for hazard mitigation planning and do their own hazard analysis.  It seems to be a no-brainer that we should do better at developing one system to meet both needs.

Needs assessments take time and that has a cost, but leadership should be making informed decisions about what preparedness needs exist.  Absent conducting a needs assessment, the wrong decisions can easily be made, which results in a waste of time and money.  Most every emergency management agency has a story of time and money wasted on knee-jerk reactions.

Needs assessments should be applied to every aspects of preparedness.  In planning, we want to minimize assumptions and maximize data.  If an incident of the type you are looking at has never happened in your jurisdiction, make comparisons other similar jurisdictions.  Training programs should be based on identified needs, and individual courses should be developed based upon identified needs.  Probably a good opportunity for me to mention that ICS Training Sucks (but a realistic training needs assessment would fix it).  Similarly, the objectives we identify for exercises should be grounded in recognizing what capabilities and plans we need to validate.

Observation: When we look at the 32 Core Capabilities from the National Preparedness Goal, Threat and Hazard Identification is a Core Capability sitting in the Mitigation mission area.  If threat and hazard identification is so fundamental to what we do across all of emergency management, why isn’t it a common capability along with Planning, Operational Coordination, and Public Information and Warning?  Perhaps that needs to change?

  1. Boost regional efforts and coalitions

It’s interesting that everyone talks about how emergency management is a collaborative effort, yet in practice so many are resistant, reluctant, or negligent in working collaboratively.  Sure, it’s often easier to write a plan yourself, but the end result likely isn’t as good as it would be from a group effort.  In healthcare preparedness (yep, that’s a part of emergency management, too), they have been using regional healthcare coalitions.  These coalitions cover all aspects of healthcare, from hospitals, to clinics, to private practices, nursing homes, and EMS, along with health departments.

There is certainly precedent in emergency management to work collaboratively.  There are required collaborations, such as Local Emergency Planning Committees (LEPCs), as well as those emphasized in practice, such as in plan development.  LEPCs are great, and often under-utilized in a lot of areas.  In some areas, especially those with heavy industry, they are large and busy, and can’t really take on any more than they already do, but in other areas they have much less to do and could certainly work with a dual purpose as a standing emergency management coordination or advisement entity.  Regardless of how it’s done, build a local or regional EM coalition.  The relationships and perspectives, if properly organized and tasked, will reap some great benefits.  Don’t forget to make them regional, if that makes sense for you.  Disasters don’t give a damn about the funny lines we draw on maps.  And don’t just make these groups about meetings… actually engage them in meaningful preparedness activities and other aspects of emergency management.

  1. Embrace scholar-practitioners

One of the items McFate mentioned in his interview was embracing scholar-practitioners. Now I’m not the kind of person to espouse that a practitioner is any better than a scholar, or vice versa.  They each have an important role, especially in a profession like emergency management, where there is a lot of theory (more than most people realize) and a lot of application.  That said, we don’t have to pick a side.  You can be whoever you want, in fact you can even do both.  Does being a practitioner mean that you have to be a full-time emergency manager? Nope.  Being a scholar doesn’t necessarily mean you must be a professor or a student pursuing an advanced degree, either.  I would absolutely argue that regularly reading some research papers or a book on related topics, or even this blog, makes you a scholar.  If you have interest beyond just direct application, and like to think or discuss broader ideas in emergency management, that makes you a scholar.

I think it is scholar-practitioners that have that capacity to advance our profession more than others.  Not only is this group doing, but they are thinking about how to do it better.  If they come up with an idea of how to do it better, they have the greatest chance of actually giving their idea a try.  They are also the ones most prone to share their lessons learned, both successes and otherwise.

  1. Understand emergency management as a social science

Speaking of theory, we need to recognize emergency management for what it is.  While specific applications of emergency management may be within niche areas of practice and academic disciplines, most of emergency management is really a social science.  Social science is fundamentally about the relationships of people.  That is what we do in emergency management.  There are aspects of social science that may apply more than others, such as sociology or public health, but we also need to embrace political science.

In application, emergency managers need to become more astute in politics.  Not the partisan running for office type of politics, but politics as an aspect of governance, policy, and relationship building.  As an emergency manager, it’s your job to understand what every agency and department does in your jurisdiction, and how they fit into the function of emergency management.  Yes, you can espouse the benefits of emergency management and business continuity to them, but how do they fit into emergency management?  Some connections are easy to make, especially the public safety ones or extensions of that such as transportation, public works, and public health.  But many are quick to dismiss administrative, support, and social welfare agencies.  The better you understand them and are able to champion their involvement in emergency management, the stronger coalition you will build.

  1. Mindset: always in the disaster space

I mentioned in the introduction that the lines between the phases of emergency management are blurred.  We used to teach (and some still do) of distinct phases of emergency management: mitigation, preparedness, response, and recovery.  Sure it’s easier to teach about these when we put them in their own box, but that gives the impression to many that we only do one at a time.  The reality is that most jurisdictions are certainly doing mitigation, preparedness, and recovery right now – and maybe even some element of response.

The main point here is that we need to change mindsets of people.  I’ve had plenty of people ask me what emergency managers do when there isn’t an active disaster.  I certainly have no problem satisfying this common curiosity, but the simple fact that they ask means that we aren’t promoting enough of what we do.  We need put ourselves and others in the mindset that are always operating in the disaster space.  It doesn’t need to mean that there is always a disaster response we are involved in, but we need to be very clear that we are active every single day in disaster-related work.

I’ll take this one step further, and that’s to suggest that the primary function of every government agency is emergency management.  Consider that we have roads not only for ease of everyone’s transportation, but so that we can more quickly and efficient respond to save lives and property.  Our public works departments provide potable water and sewage systems for public health purposes, which is part of the greater emergency management family.  I could give examples for every government agency.  The administrative departments support those agencies and the implementation of their missions.

It’s also worth mentioning here that since several of these agencies have involvement in our infrastructure that we need to seriously step up our investments in infrastructure, which not only make it better and more effective and efficient, but also more resilient (tying back to my first point)

  1. Step away from tactics

Far too many emergency managers still focus on tactics.  In defense of that, it’s easy to do, especially if you come from a public safety background.  I still think it’s important to understand tactics.  That said, an effective emergency manager needs to think less about implementation and more about strategy and relationships. There are plenty of tacticians out there.  One more isn’t needed.  What is needed is someone who can step back and see the forest for the trees, as they say.

  1. Private citizens won’t prepare, but volunteers can be engaged

We need to let citizen preparedness go.  I’m not saying we should give up on our message of individual and family preparedness, because it can make a difference, but we need to recognize that most citizens simply won’t do it.  This is a concept that has largely evolved out of society.  In the days of civil defense we were engaging a different generation of people.  We also presented them with a credible and scary threat that was being put in their face all the time.  Now is not that time.  Sure, there are models of citizen preparedness that still work to extraordinary lengths, such as in Cuba, but government oppression and a cold war mentality contribute significantly to that.  Our society has evolved to an extent of individuals not having the time, wherewithal, or interest in preparing themselves.  Sure there are exceptions to every rule, but largely, society has an expectation of being provided for by the government.

Citizen engagement, on the other hand, is still a great reserve that we can spend more effort tapping.  Trained, organized volunteers can accomplish an incredible extent of activity.  Volunteer management is no easy task, though.  Programs need to be developed and promoted, volunteers recruited and trained, and organizations sustained.  Volunteers must be given purpose and don’t forget about the critical link with government… how will this happen.  Religious institutions, corporate and union volunteer groups, and entities such as CERT are all great.  We just need to do a better job at incentivizing, managing, and engaging.

  1. Plan better for recovery

Ah, recovery.  Everyone talks about how we need to do it better, but too few resources are applied to making that happen.  Remember that preparedness starts with a needs assessment and planning.  We can identify estimates of disaster impacts from which we then extrapolate reasonable benchmarks of performance within the core capabilities of recovery.  The problem is that most recovery plans are written at too high a level and generally not followed through on.  Why? Maybe because the emphasis is always on the life safety aspect of response plans.  Certainly that’s important (and we can still do so much better with our response plans), but most recovery oriented plans fall incredibly short.  It seems that most governments that even bother to write recovery plans only do so to the extent of the plan being a framework.  They identify what the goals are, what agencies are involved, and provide some high-level objectives.  Typically no strategy is provided and the management of the recovery function is rarely mentioned, despite such a focus that we have on incident management.

I just recently had a discussion with a client about recovery exercises.  They were approached about the need to conduct more of them.  Smartly, they responded by putting the focus back on the requester by asking if the recovery plans were ready to be exercised.  Once the requestor took a moment to consider, their answer was no.  Remember that (in most cases) exercises validate plans.  We can conduct an exercise in the absence of a plan, but generally that only confirms the lack of a plan.  Plans establish the standards of performance that we use in exercises and in real life.

  1. Use technology to the greatest extent, but prepare for austerity

Ah, technology.  It’s a wonderful thing, until it doesn’t work.  I’m a big fan of the efficiencies that technology provide, especially when technology is developed to solve a specific problem, not to create new ones.  Processes should dictate technology needs, not the other way around.

Technology is mostly a data tool.  It helps us to communicate more quickly and efficiently; access, organize, and transmit data; visualize data; and collect data.  More specifically, we use technology platforms such as EOC management systems and GIS.  These have allowed us to make significant strides in what we do and how we do it.  I’ve used dashboards, databases, maps, 3D models, simulators, and more to do my job.

I’ve seen some emergency managers simply not embrace technology.  And I mean at all.  Not even a computer.  I understand how they are able to function, and though they may have brilliant minds for emergency management, they are simply not able to do much without an assistant to research, type, print, and even communicate for them.  While I’m seeing this less and less, there are still some of these folks out there, and it’s not just older generations, either.

There are many who have a reasonable literacy of technology, but still aren’t embracing inexpensive or even free resources that would make them more effective.  This is even more important for the majority of emergency managers, who are typically one-person offices with few resources.   Maybe listing some of these resources will occur in a future post of mine.

Despite the wonders of technology, I often advocate procedures for going dark (i.e. when your technology fails).  After all, we are emergency managers, are we not?  Every EOC that uses a technology tool to manage functions within their EOC should absolutely have a low tech back up, procedures and training in how to implement it, and an annual exercise to test those procedures and keep people in practice.  Carbon paper and gas station maps are your friends.

~~

Well there they are: 10 strategies for improving emergency management.  As I stated in the introduction, there really isn’t anything revolutionary here, although some concepts might be a bit controversial, which I am happy to embrace.  Perhaps I missed an important point or have a poor perspective on something.  I absolutely welcome your comments and feedback, as always.

© 2019 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC℠®

 

FEMA Seeks Input on Fiscal Year 2018-2022 Strategic Plan

Tim Riecker, The Contrarian Emergency Manager Leave a comment

From today’s FEMA Daily Digest Bulletin is an item related to FEMA’s FY 2018-2022 strategic plan.  FEMA Administrator Brock Long is inviting stakeholders to provide input to their upcoming strategic plan update.  They are doing this via IdeaScale, which is the same platform being used by DHS for an information campaign they promoted back in May of this year.  I’ve been monitoring the submissions to the DHS campaign and unfortunately find that the vast majority of ideas submitted are crap.  Many are ill informed (such as one idea of sending passenger baggage on a separate plane solely intended for that purpose) or politically motivated, with few offering any practical solutions to real problems.

Relative to the FEMA campaign, I’m seeing much of the same.  Here’s what FEMA requested input on:

Simplifying Recovery and Reducing Disaster Costs

  • How can FEMA simplify recovery programs and reduce disaster costs while ensuring accountability, customer service, and fiscal stewardship?

Buying Down Risk through Preparedness and Mitigation

  • How should risk be calculated in awarding grants?
  • What type of grants are best suited for effectively reducing risk?
  • How do we incentivize more investment in preparedness/mitigation prior to a disaster (not only federal investment)?
  • How should the nation, including but not limited to FEMA, train and credential a surge disaster workforce ahead of major disasters?
  • What are new ways to think about a true culture of preparedness?

Much of the input they are receiving thus far is less than helpful in the endeavor to drive strategic planning.  Rather, they are receiving ideas of tactical applications both in general as well as specific to disasters, such as Hurricane Harvey.  While some of these ideas aren’t bad (some are), it seems that people are missing the point.

This brings about some thoughts on the concept of whole community engagement, which is obviously what FEMA and DHS as a whole are trying to accomplish through these IdeaScale endeavors.  I’m 100% in favor of whole community engagement, but opening the doors and inviting unstructured commentary is less than productive.  I’m sure it’s frustrating to the people on the receiving end who are having to sift through a lot of largely irrelevant input to find a few gems.  At the community level, these discussions can be moderated in public forums, but through an electronic means, it’s pretty much a free-for-all.  A valiant effort, but I wonder if they are getting the input they really need or if this merely accomplishes them ‘checking a box’ to say they solicited whole community feedback.

While feedback from the public can be valuable, I posit that most of the public simply isn’t aware enough of the mission, organization, and activities of FEMA to provide meaningful ideas toward their strategic plan.  Instead, forums such as the ones they’ve opened up simply provide opportunities for people to vent frustrations, which I suppose has some value but not in this forum.

What I’m hopeful of is that professionals in emergency management and public safety take advantage of the opportunity to provide thoughtful feedback and ideas which can contribute to FEMA’s strategic plan update.  If they are making the effort to obtain feedback, let’s give them what they need.  That’s my challenge to you!

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Thinking Smarter About Security

Tim Riecker, The Contrarian Emergency Manager 2 Comments

If you work in any facet of public safety and you aren’t thinking about how you secure public and event spaces, you haven’t been paying attention.  Our complacency is the greatest gift we can give to terrorists and criminals.  I certainly acknowledge that the most difficult aspect of dealing with criminal intent versus natural hazards is their determination to circumvent our own protective measures and systems, but we often make it easy for them because it’s too difficult for us to change. Is that really the excuse you want to give to the board, the media, or the families of those killed in a criminal act?

While I will never claim to be a security expert, I try to look at things with a critical eye and take the advice of those who are experts in the field.  Here are a few examples of things I’ve encountered.

Several years ago I was part of a team supporting preparedness at a major sporting venue.  The organization who had exclusive rights to the venue requested support in planning, training, and exercise activities.  I provided incident management training and was the lead on exercises.  As preparation for a tabletop exercise, I coordinated with the organization to observe security procedures during a major event.  The security screeners at the entrances to the venue did a reasonable job with most patrons, although consistently faulted with one type of patron – persons in wheelchairs.  Anyone who came to the door in a wheelchair was waved through ALL security screening without so much as a bag check.  This became the gap that I exploited for the exercise, much to the objection of their head of security who insisted that personnel were trained in how to screen patrons in wheelchairs.  While they may have been trained, it is something they consistently failed in doing and I never observed a supervisor correct the behavior.  Perhaps they weren’t trained at all, or the training wasn’t effective, or it was too uncomfortable or inconvenient for them to do.  Regardless, this is a significant gap that I’ve continued to see at other locations through the years.

Earlier this year I attended a large convention that drew tens of thousands of patrons in a large convention center over a long weekend.  I was an attendee and not working in any official capacity.  Security at the venue was laughable.  Security personnel had three main activities – bag checks, credential checks, and metal detector operation.  Metal detector operation was only performed the first day, utilizing walk through detectors as well as wands.  The personnel clearly had no idea how to operate either (I was among dozens if not hundreds of people who were directed to go through a walk through detector – which I noticed was unplugged).  On the occasion that a walk through alerted (one that was plugged in…), I observed security personnel waiving the wand around people too quickly and too far away from their bodies.  For bag checks, we were asked to open all bags for security inspection.  The ‘inspection’ I observed on each day usually consisted of someone saying thank you and waving you through as they looked around the room or chatted with a co-worker, certainly not actually looking into the bags.  As for checking credentials, every patron was provided with a lanyard and a pass to be attached to said lanyard.  Security personnel were supposed to be checking passes as people entered doors to the main exhibit hall and other areas.  I noted some security personnel did this better than others – some of which didn’t check at all.  I actually managed to keep my pass in my pocket through the entire event, only being challenged by security once.  I was so alarmed by some of the practices that on separate occasions I introduced myself to a county sheriff’s deputy and a fire marshal to point out some of the more egregious issues.

My work has brought me to a number of secure facilities owned by various levels of government and private entities.  One federal facility I’ve frequently visited through the years usually screens vehicles.  As expected, this includes the opening of doors and the trunk of the car.  Not once, in the many years and visits to this facility has anyone ever moved a seat or checked a bag or package.

My last anecdote comes from a few years ago spending some down time in a small park in an area of DC where there a number of embassies.  One embassy seemed to have regular traffic in and out for visitors as well as some light construction work being performed on their grounds.  As one guard would check identification and presumably verify the need of the visitor to be there, another guard would walk around the vehicle with an inspection mirror (the type at the end of a pole with which to inspect the underside of a vehicle).  It was evident that the guard was either not trained in its proper use or the importance of this protocol, as every time he walked around a vehicle holding the mirror, but never actually putting it in position to view under the vehicle, much less ever looking down at the mirror.  He simply took a casual stroll around the vehicle.

The things I’ve noted here are just a few that happened to come to mind as I crafted this article.  There are dozens more, and I’m sure each of you can come up with a list of poor practices as well.  Keep your eyes open when you go to a public space to see how security is handled.  Look at things through the lenses of potential adversaries.  How could someone gain entry?  Are there recognized security patterns they can circumvent?  What vulnerabilities exist?  If you are responsible for security for a facility, have a security audit performed.  While formal security audits are valuable, often the most meaningful ones are casual and unannounced, with someone the front-line security personnel don’t know trying to gain entrance to the facility.  Are they challenged appropriately? Are they screened effectively?

The mitigation, prevention, and protection against security threats is something that many take too lightly – clearly even those whose job it is to focus on those matters.  Highly effective training programs are available – but we need to ensure that people take these courses and implement what they’ve learned in accordance with documented organizational practices.  Supervisors must be present and constantly maintain quality control.  This is a good matter of practice, but even more important when most non-sworn security personnel have a high rate of turn over or may be part time or temporary employees, or even volunteers.  For large events, proper just-in-time training must be performed for supplemental security staff who are not certified or otherwise professionally qualified security personnel.

Security is a challenging environment to work in.  We must constantly be recognizing threats and trying to out-think potential adversaries.  We must strive to keep passive and active security practices up to par, meeting or exceeding standards without becoming predictable to an observer.  How do you assess security in your facility?  What best practices have you identified?

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Adapting to the Cyber Threat – Who Holds Liability?

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Over the past year or so, even the past few months, we have seen a huge increase in high visibility hacks and cyber attacks.  Among the highest profile attacks are:

  • Target department stores suffered the theft of credit card holder data
  • the US government had a huge theft of information of government employees as well as theft of tax payer data from the IRS
  • and just recently the theft and subsequent public release of information of Ashley Madison account holders.

While cyber attacks and hacking didn’t just start occurring recently, our society, laws, and policies have yet to grow to truly keep up with prevention, mitigation, protection, response, and recovery from these incidents.  This is a familiar place we find ourselves in with other human-caused incidents such as mass shootings.  We have recently seen some insurance companies offering cybersecurity policies.  I’m not knowledgeable of the terms and conditions of these policies, but I’m hopeful policy holders are required to have cybersecurity policies and programs in place to help prevent and mitigate against the impacts of a cyber attack.  Presumably, the insurance  policy covers financial losses to the company and perhaps even litigation.  Consumers have a variety of protections available for identity theft offered through banks and credit cards.

With the recently announced class action lawsuit against Ashley Madison, I began thinking about where the real liability for a cyber attack lies.  Certainly those individuals whose personal information was stolen (moral issues aside) may suffer some measure of financial loss.  The same can be held true for those whose data was stolen from the Target and US government hacks.  Those individuals trusted and were generally assured that their personal and financial information would be protected.  These assurances place a liability on the entity that holds their information.  However, we tend to treat liability differently for disasters and acts of terrorism where entities, so long as they made reasonable and prudent efforts to avoid impacts, are held harmless; or in the event of a criminal act, we see liability shifted to the perpetrators of the criminal act.

I’m convinced that any system can eventually be hacked and suffer either data loss or data theft.  Unlike a natural disaster, intentional human-caused incidents include the factor of persistence.  Persistence is a unique element which requires constant and concerted efforts on the part of other humans to prevent, protect, and mitigate against criminal acts.  Given the law of averages and the constant need for cybersecurity experts to keep up with all tactics used by criminals, the good guys are bound to lose a battle once in a while.  While I don’t disagree that those who have their personal information stolen through no fault of their own may be deserving of financial compensation for their losses, I’m left wondering about the real liability of those entities who make reasonable and prudent efforts to protect that data.

Certainly the perpetrators, when found guilty, are at fault and hold the ultimate responsibility, but we have difficulty in identifying and persecuting these attackers.  Even if the perpetrators are found and convicted, is there still a shared liability among other parties?

Like climate change, we struggled for many years fighting the inevitable and thinking we could stop or reverse its effects.  We are finally shifting to a new philosophy of adaptation.  While we do what we can to slow the speed of climate change, many have accepted that climate change, and thus its impacts, are an inevitability.  This leads me to suggest that we need to take the same stance with all disasters, including those caused by humans.  Incidents will occur.  While we MUST do what we can to prevent, protect, and mitigate against them, we need to shift the thinking of society to response, recovery, and adaptation for when, inevitably, it does occur.

While I’m no attorney or expert in liability and litigation, it seems to be a fairly unexplored area in terms of cybersecurity.  I welcome your thoughts and ideas on this.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

WWW.EPSLLC.BIZ

Are You Really Considering All Hazards?

Tim Riecker, The Contrarian Emergency Manager 1 Comment

Natural hazards, such as flooding, tornados, wildfire, and earthquakes, bring about the greatest losses, calculated in nearly every metric possible, as compared to human-caused incidents.  Human-caused incidents, either accidental or intentional, still bring tremendous impact to communities world-wide on a daily basis.  While working to prepare for, mitigate, respond to, and recover from natural hazards will always continue to be important, it seems that many still often forget about human-caused incidents despite all the conversations out there.

Human-caused incidents include a variety of hazards such as infrastructure failure, transportation accidents, hazardous materials incidents, and intentional attacks.  These are all things which we can fit into our traditional model of Prepare, Mitigate, Respond, and Recover.  The National Planning Goal introduced the model of the five Mission Areas – Prevention, Protection, Mitigation, Response, and Recovery – to help address our many of our major functions (Core Capabilities) for human-caused incidents (note that Preparedness is now a higher level concept that applies to all Mission Areas).  While this Mission Area model has helped bring these key activities into the greater fold of what we do, it has also kept them largely isolated through the thought that many human-caused incidents are only addressed through Prevention and Protection Mission Area activities.

Nowhere, it seems, do we see this more than in the area of hazard mitigation.  The vast majority of hazard mitigation plans which exist only address natural hazards (even at the state level).  Since many readers view this blog for my opinion, here it is – this is archaic and dangerous thinking!  We have all seen hazard mitigation plans which claim they are ‘all hazards’, yet only list natural hazards.  That’s fine, if by some unbelievable circumstance, your jurisdiction is only impacted by natural hazards.  This is a circumstance which I am highly doubtful of.  Some mitigation plans get a little more realistic and will address human-caused hazards such as dam failure and/or hazardous materials release, which were likely the greatest human-caused threats they may have been vulnerable to in the previous century.  In today’s world this still doesn’t quite get us to where we need to be.  There are a great many mitigation activities which we can leverage against human-caused incidents.

How do we fix this?  It’s easy – start with conducting a hazard analysis.  A hazard analysis, be it as a stand-alone activity or part of the THIRA process, should review all possible hazards which your jurisdiction, company, or organization is vulnerable to.  It should be comprehensive, not just limited to the set of natural hazards.  Along with infrastructure failure and hazardous materials incidents (both in-transit and fixed site), consider hazards such as active shooters, cyber attacks, improvised explosives, and civil unrest.  This may require bringing some additional subject matter experts into the room for your hazard analysis – like your IT director.  In a hazard analysis, each hazard is ranked (at a minimum) by its likelihood to occur and its severity of impact should it occur.

A well conducted hazard analysis provides the basis for everything we do in emergency management and homeland security.  It not only informs our activities such as planning, training, and exercises, it also helps assign priority to those hazards which require the greatest focus and allocation of resources.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

WWW.EPSLLC.BIZ

NIMS Alert – FEMA Seeks Feedback on Federal Interagency Operational Plans

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Take some time to review and comment on these.  Be heard!  TR

<from press release>

FEMA is requesting stakeholder feedback on working drafts of four of the five Federal Interagency Operational Plans (FIOPs):  Protection, Mitigation, Response, and Recovery. The Prevention FIOP is Unclassified and For Official Use Only (FOUO)/Law Enforcement Sensitive (LES), Restricted Access and therefore available to appropriate personnel through separate and secure communication means. The FIOPs describe how the Federal government aligns resources and delivers core capabilities. Each FIOP outlines the concept of operations for integrating and synchronizing existing national-level Federal capabilities to support the whole community.

This update of the FIOPs focuses on discrete, critical content revisions, and confirming edits as a result of comments received on the National Preparedness Goal and National Planning Frameworks. Additional changes in the draft are the result of the lessons learned from implementing the FIOPs and recent events, as well as the findings of the National Preparedness Report.  The FIOPs and feedback submission forms may be found at http://www.fema.gov/ppd-8-news-updates-announcements.

To ensure all feedback is properly handled, reviewers are asked to use the provided feedback submission form to submit feedback and recommendations. Please provide any comments and recommendations, using the submission form, to PPD8-Engagement@fema.dhs.gov by Tuesday, September 2, 2015 at 5:00 PM EDT.

Most Disasters are NOT Extraordinary Occurrences – OR Crowdsourcing Volunteers

Tim Riecker, The Contrarian Emergency Manager Leave a comment

I listen to A LOT of podcasts.  While some are focused on emergency management and homeland security, most are pop culture related and have nothing at all to do with EM/HS.  At least not directly.

Listening to a recent podcast, it struck me how often the hosts mention disaster-related occurrences.  During this podcast there were several mentions of disaster related issues including the Louisiana theater shooting (which was breaking news while they were recording) and the Tom Selleck legal drama in California over stolen water (which ultimately relates back to their drought issues).  The same podcasters (one of which is in New England, the other in the National Capital Region) often comment through the year on weather-related incidents which impact them and others including winter storms, flooding, and warmer weather storm damages.

The point is that most disasters are not extraordinary occurrences.  Routine incidents aside, some measure of disaster occurs fairy regularly, certainly around the world and even just within any of our nations.  Turn on the news tonight and see for yourself.  So WHY, I ask, is there such a mentality with the general public (and maybe even with us public safety types) about disasters being out of the ordinary occurrences?  Sure they don’t happen within our own jurisdiction every day, but they happen somewhere EVERY DAY.  I’m not saying we have to be paranoid about it, but I see the COMPLACENCY getting WORSE.  We discuss preparedness often, and the aspect of getting the public better engaged in preparedness almost as much, yet we have yet to see real, meaningful success in this.

We’ve recently seen a bit of a paradigm shift in how we deal with climate change (insert groaning sound here).  For many years we tried to prevent it, as if we could.  The reality is that part of it is influenced by the actions of humanity and part of it by the natural cycle of our planet.  There are things we simply shouldn’t be doing and we still need to work on those, but we have also come to grips with the inevitability of the impacts.  We have realized that they will happen no matter what we do and we have decided that we need to ADAPT in order to survive.

Adaptation is an important realization for us (I’m now speaking in generality – not just climate change issues).  If there are things that we pound our heads against the wall over in futility, such as public engagement, maybe we are doing it all wrong?  I’m not saying that we stop trying to engage the public.  There are certainly successes we have seen, but I don’t think we are seeing the return on investment we should be.

Let’s look at society today.  People seem to have less time ability interest in volunteering or committing to efforts ahead of time.  We have to understand and acknowledge that first and foremost.  Have we turned into soulless uncaring creatures?  No, of course not.  We have just seen a shift in culture.  Trying to fight this culture is foolish.  Instead, we need to adapt.  How do we adapt?

Social media is the greatest embodiment of our need for instantaneous information and feedback.  It doesn’t take much preparation (download some apps, create accounts, find friends).  The vast majority of the information that rolls across the screen is crap, but every once in a while there is a worthwhile nugget that will garner some responses.  Sometimes (usually disasters or a new statement by Donald Trump) information that comes across garners a great deal of attention and people want to take action.  Do they know how to take meaningful action?  Often not.  But they will follow along with the good ideas of others.  (aka leaders).

Let’s broaden this concept within public engagement.  What this essentially comes down to is managing spontaneous volunteers – a concept we have seen much need for in EM for years.  I think we need to emphasize this more than ever.  We also need to update the way we think about it.  These spontaneous volunteers will not only show up at town hall, the fire house, local diner, or house of worship; they will show up online via Twitter and Facebook.  They will be locals, they will be from out of state, across the country, or across the planet.   ALL of them can be engaged.  Let’s crowdsource volunteers in emergency management.  We just need to identify how to engage them.  Identify gaps and figure out how these good natured people can fill those gaps with little no upfront investment of time or effort on their part.  Build plans that address spontaneous volunteer engagement – both in the physical aspect as well as virtual.  Train to these plans and test these plans.  Let’s stop struggling against old ways of thinking.  Improvise, adapt, and overcome.

As always, I’d love to hear your thoughts on this.

I do want to take a moment to thank my followers and readers – something I don’t do enough of.  Your support and comments are greatly appreciated.  Also, if you like my blog, spread the word.  Please feel free to forward/repost/retweet to friends, family, colleagues, and complete strangers.

©2015 – Timothy Riecker

EMERGENCY PREPAREDNESS SOLUTIONS, LLC

WWW.EPSLLC.BIZ

What is Resilience?

Tim Riecker, The Contrarian Emergency Manager 4 Comments

The topic of resilience is something I’ve wanted to write about for a while.  This morning it struck me that today was the day.  I was spurred to it today by the LLIS page on the Community Resilience Core Capability.  I have a few references that I organized then opened up WordPress to starting writing… only to find that earlier today Claire Rubin beat me to it!  Claire Rubin, the ‘Recovery Diva’ is a well respected researcher, consultant, and educator in the field of emergency management.  She’s been in this business for quite a while and like me, likes to share resources and her thoughts on various topics in emergency management.  She also runs a blog on WordPress.  Follow her blog… it’s well worth it!  In her posting on Resilience today she really just provided a link to a document for us to chew on for a bit.  The document, a topical paper on Resilience, was published by the GSDRC, a partnership of research institutes in the UK.  This is a must read for emergency management folks.

So why write on the topic of Resilience in the first place?  There are many, myself included, who often wonder exactly what it is.  I think most of know intuitively, but it feels like it’s not a tangible thing that we can put a finger on.  Are Resilience and mitigation one in the same?  I would say no.  Resilience includes but transcends mitigation.  Community Resilience is a core capability within the mitigation mission area of the National Preparedness Goal’s Core Capabilities, but only because it’s the best place to put it, in my opinion.  A Resiliency strategy should address capabilities across all mission areas.

What is Resilience?  The Core Capabilities give a very brief description:

“Lead the integrated effort to recognize, understand, communicate, plan, and address risks so that the community can develop a set of      actions to accomplish Mitigation and improve resilience.”  Didn’t we learn in grade school to not use the word we are defining in the definition?

The GSDRC document has a much more comprehensive definition:

“Disaster resilience is the ability of individuals, communities, organizations, and states to adapt to and recovery from hazards, shocks, or stresses without compromising long-term prospects for development.”

The GSDRC references another definition, perhaps the one I like best, originating from the Hyogo Framework for Action (a UNISDR document) as follows:

“Disaster resilience is determined by the degree to which individuals, communities, and public and private organizations are capable of organizing themselves to learn from past disasters and reduce their risks to future ones, at international, regional, national, and local levels.”

The concept of learning from past disasters – either your own or those experienced by someone else – seems to me to be a critical component to Resilience.  Without experiencing the impacts of disasters, or at least learning from others about them, we don’t know what to prepare for.  Preparedness is another key component of Resiliency.  We have to create plans, train our community, and exercise those plans to become more Resilient.  Mitigation is certainly an important aspect of Resiliency – we must engineer risk reducing measures to become more Resilient.

I was fortunate to attend the 2013 IAEM conference in Reno and sit through a presentation from Dr. Dennis Mileti one day following lunch.  He spoke largely on Resiliency, first mentioning community focuses necessary for reducing loss including land use management, building codes, public education, warning systems, insurance, and preparedness efforts.  He also spoke on the barriers we face in Resilience which include a lack of understanding of risk, poor community prioritization, and poor leadership and management in these efforts.  It’s interesting that the barriers are all largely ‘people problems’.

In the pursuit of my Master’s degree, my class had a considerable dialogue on climate change.  For the last few decades we have fought climate change through various mitigation efforts.  While these efforts have largely made our planet a better place to live, climate change – due to both human impacts as well as the natural progression of global climates – is happening.  We can’t stop it, so we need to adapt to what is coming.  This adaptation is Resiliency – part mitigation, part preparedness.  It’s even in how we recover – remembering that recovery is not just rebuilding, it’s a series of conscious decisions in how we rebuild.  (FYI the Diva posted some references on communities relocating after a disaster instead of rebuilding where they were).

In New York State, there is a current initiative called New York Rising.  You will see from the information on their site that they are piloting this in five counties who were impacted by severe storms in 2013, including counties in my area.  They are using disaster recovery as a starting point and worked toward a strategic plan to make communities more resilient.  It seems pretty simple, but it’s a good starting point.  Community engagement and buy-in is an important aspect of Resiliency.

The concept of Resiliency still seems rather amorphic, but it is certainly the culmination of many deliberate activities.  Like any activity, we need to be able to measure it and gauge where we are in our own progress (and of course funders will want to know this as well).  The GSDRC document (page 20) briefly outlines proposed metrics/indicators of resilience.  The ones they outline are largely subjective and open to individual interpretation, so some schema for assigning a value to each would need to be developed (and perhaps already has) to really allow us to analyze Resiliency performance.

Resiliency has become a new buzz word in emergency management.  I hope it’s one that is here to stay.  The longer it is here, the better definition we will be able to assign it and the better we will be able to measure it.  As Peter Drucker said, “If you can’t measure it, you can’t manage it.”  Once we are better able to measure it (and its many components and influencing factors) the better able we will be to work toward increasing our Resiliency.

What thoughts do you have on Resiliency?

© 2014 Timothy Riecker